Á¤º¸°úÇÐȸ ³í¹®Áö I : Á¤º¸Åë½Å
| ÇѱÛÁ¦¸ñ(Korean Title) |
À¥ ¾îÇø®ÄÉÀÌ¼Ç Æ¯¼º ºÐ¼®À» ÅëÇÑ °ø°Ý ºÐ·ù |
| ¿µ¹®Á¦¸ñ(English Title) |
Attack Categorization based on Web Application Analysis |
| ÀúÀÚ(Author) |
¼Á¤¼®
±èÇѼº
Á¶»óÇö
Â÷¼º´ö
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 30 NO. 01 PP. 0097 ~ 0116 (2003. 02) |
Çѱ۳»¿ë
(Korean Abstract) |
ÃÖ±Ù À¥ ¼ºñ½ºÀÇ Áõ°¡¿Í ÇÔ²² À¥ ¼ºñ½º¿¡ ´ëÇÑ °ø°Ý°ú ±× ÇÇÇØ ±Ô¸ð´Â Áõ°¡ÇÏ°í ÀÖ´Ù. ±×·¯³ª À¥ ¼ºñ½º¿¡ ´ëÇÑ °ø°ÝÀº ´Ù¸¥ ÀÎÅÍ³Ý °ø°Ýµé°ú ¼º°ÝÀÌ ´Ù¸£°í ±×¿¡ ´ëÇÑ ¿¬±¸ ¶ÇÇÑ ºÎÁ·ÇÑ Çö½ÇÀÌ´Ù. ´õ¿íÀÌ ±âÁ¸ÀÇ Ä§ÀÔ Å½Áö ½Ã½ºÅ۵鵵 À¥ ¼ºñ½º¸¦ º¸È£Çϴµ¥ ÀûÇÕÇÏÁö ¾Ê´Ù. ÀÌ ¿¬±¸¿¡¼´Â ¸ÕÀú À¥ °ø°ÝµéÀ» °ø°Ý ¹ß»ý ¿øÀΰú °ø°Ý ŽÁö °üÁ¡¿¡¼ ºÐ·ùÇÏ°í, ¸¶Áö¸·À¸·Î À§Ç輺 ºÐ¼®À» ÅëÇÏ¿© À¥ °ø°ÝµéÀ» ºÐ·ùÇÏ¿´´Ù. À̸¦ ÅëÇØ À¥ ¼ºñ½º¸¦ º¸È£Çϱâ ÀûÇÕÇÑ À¥ ¼ºñ½º Æ¯ÈµÈ Ä§ÀÔ Å½Áö ½Ã½ºÅÛÀ» ¼³°è, °³¹ßÇϴµ¥ µµ¿òÀ» ÁÖ°íÀÚ ÇÑ´Ù. |
¿µ¹®³»¿ë
(English Abstract) |
Frequency of attacks on web services and the resulting damage continue to grow as web services become popular. Techniques used in web service attacks are usually different from traditional network intrusion techniques, and techniques to protect web services are badly needed. Unfortunately, conventional intrusion detection systems (IDS), especially those based on known attack signatures, are inadequate in providing reasonable degree of security to web services. An application-level IDS, tailored to web services, is needed to overcome such limitations. The first step in developing web application IDS is to analyze known attacks on web services and characterize them so that anomaly-based intrusion detection becomes possible. In this paper, we classified known attack techniques to web services by analyzing causes, locations where such attack can be easily detected, and the potential risks. |
| Å°¿öµå(Keyword) |
Á¤º¸º¸¾È
À¥ °ø°Ý
°ø°Ý ºÐ·ù
ħÀÔ Å½Áö
³×Æ®¿öÅ© º¸¾È
À¥ ¾îÇø®ÄÉÀ̼Ç
Á¤º¸Àü
Ãë¾àÁ¡ ºÐ¼®
web attack
attack categorization
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
